[Secure-testing-team] Bug#872834: thunderbird: Several critical bugs were fixed with 52.3, but debian offers 52.2

cronoik johannes.schaffrath at mail.de
Mon Aug 21 17:55:38 UTC 2017 

Package: thunderbird
Version: 1:52.2.1-4~deb8u1
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

the version of thunderbird offered by Debian is vulnerable to three critical bugs in a browser-like context according to [1]. Please package the new version which is provided by mozilla. 


[1] https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/


-- System Information:
Debian Release: 8.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages thunderbird depends on:
ii  debianutils               4.4+b1
ii  fontconfig                2.11.0-6.3+deb8u1
ii  libatk1.0-0               2.14.0-1
ii  libc6                     2.19-18+deb8u10
ii  libcairo-gobject2         1.14.0-2.1+deb8u2
ii  libcairo2                 1.14.0-2.1+deb8u2
ii  libdbus-1-3               1.8.22-0+deb8u1
ii  libdbus-glib-1-2          0.102-1
ii  libevent-2.0-5            2.0.21-stable-2+deb8u1
ii  libffi6                   3.1-2+deb8u1
ii  libfontconfig1            2.11.0-6.3+deb8u1
ii  libfreetype6              2.5.2-3+deb8u2
ii  libgcc1                   1:4.9.2-10
ii  libgdk-pixbuf2.0-0        2.31.1-2+deb8u5
ii  libglib2.0-0              2.42.1-1+b1
ii  libgtk-3-0                3.14.5-1+deb8u1
ii  libhunspell-1.3-0         1.3.3-3
ii  libpango-1.0-0            1.36.8-3
ii  libpangocairo-1.0-0       1.36.8-3
ii  libpangoft2-1.0-0         1.36.8-3
ii  libpixman-1-0             0.32.6-3
ii  libstartup-notification0  0.12-4
ii  libstdc++6                4.9.2-10
ii  libx11-6                  2:1.6.2-3
ii  libx11-xcb1               2:1.6.2-3
ii  libxcb-shm0               1.10-3+b1
ii  libxcb1                   1.10-3+b1
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.1-2+b2
ii  libxrender1               1:0.9.8-1+b1
ii  libxt6                    1:1.1.4-1+b1
ii  psmisc                    22.21-2
ii  x11-utils                 7.7+2
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages thunderbird recommends:
ii  hunspell-en-us [hunspell-dictionary]  20070829-6+deb8u1
ii  lightning                             1:52.2.1-4~deb8u1

Versions of packages thunderbird suggests:
pn  apparmor          <none>
pn  fonts-lyx         <none>
ii  libgssapi-krb5-2  1.12.1+dfsg-19+deb8u2

-- no debconf information

More information about the Secure-testing-team mailing list